Security News

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Trojanized KeePass opens doors for ransomware attackers A suspected initial access broker has been...

A suspected initial access broker has been leveraging trojanized versions of the open-source KeePass password manager to set the stage for ransomware attacks, WithSecure researchers have...

Threat actors have been distributing trojanized versions of the KeePass password manager for at least eight months to install Cobalt Strike beacons, steal credentials, and ultimately, deploy...

While its downloadable plugins make it highly customizable, KeePass’ unintuitive interface holds it back from one of our top password manager picks.

​KeePass is a popular and free password management tool. Learn about the benefits and techniques to get the most of out of it.

The major differences between Bitwarden and KeePass quickly became apparent once I started testing out both password managers. Read on to find out why Bitwarden is probably a better fit for your needs than KeePass - unless you're extremely technical and demand a highly customizable password manager.

The real impact of the cybersecurity poverty line on small organizationsIn this Help Net Security interview, Brent Deterding, CISO at Afni, delves into the realities and myths surrounding the cybersecurity poverty line, exploring the role of budget, knowledge, and leadership. Cisco IOS XE zero-day exploited by attackers to deliver implantA previously unknown vulnerability affecting networking devices running Cisco IOS XE software is being exploited by a threat actor to take control of the devices and install an implant, Cisco Talos researchers have warned today.

A Google Ads campaign was found pushing a fake KeePass download site that used Punycode to appear as the official domain of the KeePass password manager to distribute malware. Even worse, Google Ads can be abused to show the legitimate domain for Keepass in the advertisements, making the threat hard to spot even for more diligent and security-conscious users.

Users using Google to search for and download the KeePass password manager and the Notepad++ text editor may have inadvertently gotten saddled with malware, says Jérôme Segura, Director of Threat Intelligence at Malwarebytes. Malware peddlers have a number of clever tricks up their sleeve to make the malicious ads and the sites they lead to look legitimate.

KeePass has released version 2.54, fixing the CVE-2023-3278 vulnerability that allows the extraction of the cleartext master password from the application's memory.In May 2023, security researcher 'vdohney' disclosed a vulnerability and proof-of-concept exploit that allowed you to partially extract the cleartext KeepPass master password from a memory dump of the application.